github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,272 Commits 55 Branches 109 Tags
c7cacf80f21b6dba268c9c8878a7665e633a75ec
Commit Graph

2272 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ervin Hegedus
c7cacf80f2 Fix xml processing tests 2025-07-28 17:21:44 +02:00
Ervin Hegedus
63af83080c Fix pmfromfile external tests - temporary suspended all tests 2025-07-28 16:22:29 +02:00
Ervin Hegedus
780304caf4 Fix ipmatchfromfile external tests - temporary suspended all tests 2025-07-28 16:19:26 +02:00
Ervin Hegedus
1362a30e93 Fix SecRemoteRules test - that's need anymore 2025-07-28 16:18:14 +02:00
Ervin Hegedus
bc01714ca1 Fix status engine tests 2025-07-28 16:11:24 +02:00
Ervin Hegedus
33791eb14a Fix multipart tests 2025-07-28 16:09:10 +02:00
Ervin Hegedus
10659ad14d Fix request directives test cases 2025-07-28 15:30:04 +02:00
Ervin Hegedus
575314fe59 Fix misc directives test cases 2025-07-28 14:18:15 +02:00
Ervin Hegedus
36876ff5fb Fix load tests 2025-07-27 19:56:32 +02:00
Ervin Hegedus
158084c7ec Fix startup errors, missing getopt() args 2025-07-27 19:54:58 +02:00
Ervin Hegedus
a4ea4e6c00 Merge pull request #3412 from airween/v2/fixdarwinbuild 
fix: remove unused condition from msc_status_engine.c
 2025-07-04 19:07:04 +02:00
Ervin Hegedus
981d2251f1 Merge pull request #3411 from airween/v2/xmlparseempty 
fix: remove unwanted '\0' string terminator from argument's value
 2025-07-04 19:06:35 +02:00
Ervin Hegedus
0cff9e9dee Remove unnecessary condition 2025-07-02 22:03:46 +02:00
Ervin Hegedus
e12c0ef4cc Remove unvanted '\0' string terminator from arg value 2025-07-02 21:37:21 +02:00
Ervin Hegedus
5615addfb3 Change release version to v2.9.11 v2.9.11 2025-07-01 21:55:51 +02:00
Ervin Hegedus
ecd7b97368 Merge commit from fork 
fix: prevent segmentation fault if the XML node is empty
 2025-07-01 21:40:15 +02:00
Ervin Hegedus
8879413abf Add comment to explain the behavior 2025-06-26 21:50:54 +02:00
Ervin Hegedus
e56d62960e Set correct pathlen 2025-06-26 17:42:49 +02:00
Ervin Hegedus
8cb7fc82fe Set correct length of currpath 2025-06-24 22:10:20 +02:00
Ervin Hegedus
f9e81f2c78 Leave strlen() if not necesseraly; use own length storage 2025-06-24 22:02:00 +02:00
Ervin Hegedus
89d3ad38c5 Introduced a new variable to hold currval length 2025-06-24 21:34:12 +02:00
Ervin Hegedus
ca99ccd23f Fix unexpected behavior if the XML tag is empty 2025-06-24 21:12:26 +02:00
Ervin Hegedus
c01e5db35b Merge pull request #3401 from nic-prgs/ValidateSchema-memory-leak 
Plug memory leak when msre_op_validateSchema_execute() exits normally (validateSchema)
 2025-06-11 21:19:40 +02:00
Nic Grant
cfbdc30ef1 Fix memory leak when msre_op_validateSchema_execute exits normally (ValidateSchema) 2025-06-11 09:34:00 +01:00
Ervin Hegedus
348005a7d6 Merge pull request #3400 from airween/v2/msiinstaller 
chore: bump version in MSI installer.wxs
 2025-06-11 10:17:50 +02:00
Ervin Hegedus
8fd8f37a77 Typo fix 
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
 2025-06-10 15:07:21 +02:00
Ervin Hegedus
7896784079 chore: bump version in MSI installer.wxs 2025-06-10 10:51:31 +02:00
Ervin Hegedus
061fade08d Merge pull request #3391 from amezin/socket-leak 
Fix resource leaks in `msc_status_engine_mac_address`
 2025-06-07 13:29:12 +02:00
Ervin Hegedus
0923377d6d Change release version to v2.9.10 v2.9.10 2025-06-02 16:59:37 +02:00
Ervin Hegedus
8a704871ca Preparing new release 2025-06-02 16:50:33 +02:00
Ervin Hegedus
3a54ccea62 Merge commit from fork 
fix: avoid multiplication of storing argument keys for sanitizing
 2025-06-02 16:45:24 +02:00
Aleksandr Mezin
0a70b0e343 Fix resource leaks in msc_status_engine_mac_address 
`goto end` jumped over freeing/releasing resources for all platforms.

For Linux, this caused a leak of open socket. For other platforms, it's
just a memory leak.
 2025-05-27 11:21:59 +03:00
Ervin Hegedus
614c6e18a7 fix: add ARGS to sanitize list only if it's not added yet in case of sanitizeArg 2025-05-24 12:04:39 +02:00
Ervin Hegedus
a217cb1056 Merge pull request #3389 from airween/v2/master 
chore: prepare v2.9.9
v2.9.9 		2025-05-21 21:31:41 +02:00
Ervin Hegedus
0fa2754a0e Fix change's title 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-05-21 21:15:51 +02:00
Ervin Hegedus
9ab88d6206 chore: prepare v2.9.9 2025-05-21 21:10:34 +02:00
Ervin Hegedus
2714eb2f3f Merge pull request #3388 from airween/v2/master 
docs: added changes
 2025-05-21 21:03:57 +02:00
Ervin Hegedus
26161b907e Merge commit from fork 
fix: add ARGS to sanitize list only if it's not added yet
 2025-05-21 20:59:26 +02:00
Ervin Hegedus
cbbbaa6b0c docs: added changes 2025-05-21 14:36:15 +02:00
Ervin Hegedus
fdfc2d5b21 fix: add ARGS to sanitize list only if it's not added yet 2025-05-19 10:53:50 +02:00
Ervin Hegedus
7d738112d3 Merge pull request #3387 from airween/v2/mutex_create 
chore: log error codes for global mutex failure modes.
 2025-05-19 10:01:34 +02:00
Joe Orton
5aa6ce0aa2 Log error codes for global mutex failure modes. 2025-05-17 14:55:09 +02:00
Ervin Hegedus
38850f912b Merge pull request #3372 from notroj/v2-gcc-warning-fixes 
Fix compiler warnings from GCC
 2025-05-17 10:09:29 +02:00
Ervin Hegedus
f2996d6dac Merge pull request #3383 from airween/v2/pcre2default 
chore: refactor build system to use PCRE2
 2025-05-17 09:28:21 +02:00
Joe Orton
de1cf63d26 Fix GCC warning in msc_headers_to_buffer(): 
In file included from /usr/include/stdio.h:970,
                 from modsecurity.h:18,
                 from msc_util.c:15:
In function 'sprintf',
    inlined from 'msc_headers_to_buffer' at msc_util.c:2331:17:
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'buffer' [-Wrestrict]
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
msc_util.c: In function 'msc_headers_to_buffer':
msc_util.c:2306:64: note: destination object referenced by 'restrict'-qualified argument 1 was declared here
 2306 | int msc_headers_to_buffer(const apr_array_header_t *arr, char *buffer,
      |                                                          ~~~~~~^~~~~~
 2025-05-16 09:59:32 +01:00
Joe Orton
9d9a727349 Fix compiler warnings. Reported by GCC with flags: 
-Wall -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS

Note, e.g. sprintf(digest, "%s%02x", digest, ...) is undefined behaviour because
the destination and source variables overlap, and GCC warnings for this.

acmp.c:258:13: warning: 'acmp_clone_node_no_state' defined but not used [-Wunused-function]
apache2_config.c:806:9: warning: unused variable 'offset' [-Wunused-variable]
apache2_config.c:1886:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:1942:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2470:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_config.c:2538:23: warning: unused variable 'dcfg' [-Wunused-variable]
apache2_util.c:226:11: warning: unused variable 'str' [-Wunused-variable]
apache2_util.c:225:11: warning: unused variable 'saved' [-Wunused-variable]
apache2_util.c:224:11: warning: unused variable 'parse_remote' [-Wunused-variable]
apache2_util.c:223:11: warning: unused variable 'remote' [-Wunused-variable]
msc_status_engine.c:216:17: warning: unused variable 'i' [-Wunused-variable]
msc_status_engine.c:375:55: warning: the address of 'pcre' will always evaluate as 'true' [-Waddress]
msc_crypt.c:67:17: warning: unused variable 'bytes' [-Wunused-variable]
msc_crypt.c:1083:33: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
msc_crypt.c:1090:29: warning: variable 'enc' set but not used [-Wunused-but-set-variable]
/usr/include/bits/stdio2.h:30:10: warning: '__sprintf_chk' argument 5 overlaps destination object 'digest' [-Wrestrict]
msc_json.c:405:11: warning: unused variable 'json_data' [-Wunused-variable]
msc_crypt.c:1097:79: warning: '%s' directive argument is null [-Wformat-overflow=]
msc_logging.c:1144:20: warning: unused variable 'now' [-Wunused-variable]
msc_remote_rules.c:729:19: warning: unused variable 'word' [-Wunused-variable]
msc_remote_rules.c:727:17: warning: unused variable 'tmp' [-Wunused-variable]
msc_remote_rules.c:805:1: warning: control reaches end of non-void function [-Wreturn-type]
msc_tree.c:836:19: warning: unused variable 'ip' [-Wunused-variable]
msc_xml.c:29:44: warning: variable 'entity' set but not used [-Wunused-but-set-variable]
msc_util.c:2627:11: warning: unused variable 'start' [-Wunused-variable]
msc_util.c:2626:17: warning: unused variable 'fd' [-Wunused-variable]
msc_util.c:2624:18: warning: unused variable 'rc' [-Wunused-variable]
msc_util.c:1077:19: warning: array subscript 1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds=]
 2025-05-16 09:59:32 +01:00
Ervin Hegedus
854906de7c Typo fix 
Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
 2025-05-16 09:40:10 +02:00
Ervin Hegedus
2ed32f2035 Fix option check condition 2025-05-15 21:50:02 +02:00
Ervin Hegedus
d7b38f034e Refactor code and build system to use libpcre2 as the default 2025-05-15 21:13:52 +02:00
Ervin Hegedus
9bc3300a3a Merge pull request #3374 from RedXanadu/fix_standalone_error_logging 
Fix error logging for standalone module
 2025-05-14 13:24:42 +02:00